Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps
Course Description
Overview
The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) training is a 5-day Cisco threat hunting training that introduces and guides you through a proactive security search across networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors. This training prepares you for the 300-220 CBRTHD v1.0 exam. If you pass, you earn the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfy the concentration exam requirement for the Cisco Certified CyberOps Professional certification. This training also earns you 40 credits towards recertification.
Objectives
- Learn how to perform a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools
- Gain leading-edge career skills focused on cybersecurity
- Prepare for the 300-220 CBRTHD v1.0 exam
- Earn 40 CE credits toward recertification
- Define threat hunting and identify core concepts used to conduct threat hunting investigations
- Examine threat hunting investigation concepts, frameworks, and threat models
- Define cyber threat hunting process fundamentals
- Define threat hunting methodologies and procedures
- Describe network-based threat hunting
- Identify and review endpoint-based threat hunting
- Identify and review endpoint memory-based threats and develop endpoint-based threat detection
- Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
- Describe the process of threat hunting from a practical perspective
- Describe the process of threat hunt reporting
Audience
- Security Operations Center staff
- Security Operations Center (SOC) Tier 2 Analysts
- Threat Hunters
- Cyber Threat Analysts
- Threat Managers
- Risk Managers
Prerequisites
There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are:
- General knowledge of networks and network security
- Implementing and Administering Cisco Solutions (CCNA)
- Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Performing CyberOps Using Cisco Security Technologies (CBRCOR)
Topics
- 1. Threat Hunting Theory
- 2. Threat Hunting Concepts, Frameworks, and Threat Models
- 3. Threat Hunting Process Fundamentals
- 4. Threat Hunting Methodologies and Procedures
- 5. Network-Based Threat Hunting
- 6. Endpoint-Based Threat Hunting
- 7. Endpoint-Based Threat Detection Development
- 8. Threat Hunting with Cisco Tools
- 9. Threat Hunting Investigation Summary: A Practical Approach
- 10. Reporting the Aftermath of a Threat Hunt Investigation
- 1. Categorize Threats with MITRE ATT&CK Tactics and Techniques
- 2. Compare Techniques Used by Different APTs with MITRE ATT&CK Navigator
- 3. Model Threats Using MITRE ATT&CK and D3FEND
- 4. Prioritize Threat Hunting Using the MITRE ATT&CK Framework and Cyber Kill Chain
- 5. Determine the Priority Level of Attacks Using MITRE CAPEC
- 6. Explore the TaHiTI Methodology
- 7. Perform Threat Analysis Searches Using OSINT
- 8. Attribute Threats to Adversary Groups and Software with MITRE ATT&CK
- 9. Emulate Adversaries with MITRE Caldera
- 10. Find Evidence of Compromise Using Native Windows Tools
- 11. Hunt for Suspicious Activities Using Open-Source Tools and SIEM
- 12. Capturing of Network Traffic
- 13. Extraction of IOC from Network Packets
- 14. Usage of ELK Stack for Hunting Large Volumes of Network Data
- 15. Analyzing Windows Event Logs and Mapping Them with MITRE Matrix
- 16. Endpoint Data Acquisition
- 17. Inspect Endpoints with PowerShell
- 18. Perform Memory Forensics with Velociraptor
- 19. Detect Malicious Processes on Endpoints
- 20. Identify Suspicious Files Using Threat Analysis
- 21. Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
- 22. Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
- 23. Initiate, Conduct, and Conclude a Threat Hunt
Related Courses
- Implementing Automation for Cisco Security Solutions (SAUI)
  - Course Code: CSC-SAUI
  - Duration: 3 Days
  - Delivery Format: Classroom Training, Online Training
  - Price: 2,895.00 USD
- Implementing and Operating Cisco Security Core Technologies (SCOR)
  - Course Code: CSC-SCOR
  - Duration: 5 Days
  - Delivery Format: Classroom Training, Online Training
  - Price: 4,295.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
- View the Self-Paced version of this outline and what is included in the SPVC course.
- Learn more about e-Learning
Self-Paced Training Terms & Conditions
ONCE YOU ARE ENROLLED IN THIS COURSE YOU WILL NOT BE ABLE TO CANCEL YOUR ENROLLMENT. You are billed for the course when you submit the enrollment form. Self-Paced Virtual Classes are non-refundable. Once you purchase a Self-Paced Virtual Class, you will be charged the full price.
This is a Cisco Self-Paced virtual class; it is intended for students who do not need the support of a classroom instructor. If you feel you would better benefit from having access to a Subject Matter Expert, please check to see if an Instructor-Led version is available.
- Students will receive an access code within 1-3 business days.
- If purchasing a self-paced course for multiple students, the purchaser will receive the access codes and must distribute them individually to the students.
- Students have access to the course 24/7 and will need to read and follow all instructions carefully to complete the course successfully within their allotted time.
Q: How long do I have access to the course and the Labs within the course?
A: Labs are available for the length of your course subscription.
Q: Can I reset the course and start over?
A: No.
Q: Is there a time limit for the Trial (Demo)?
A: There is no expiration on registration to the trial versions. Access is capped not in time, but by the fact that only a select number of sections are unlocked within the content.